<?php session_start();
//  Developed by Roshan Bhattarai 
//  Visit http://roshanbh.com.np for this script and more.
//  This notice MUST stay intact for legal use

// connection settings stored in file
include("include/connectionParameters.php");
	
$connection = mysql_connect($host,$user,$pass)
	or die ("Can't connect to server, try again later, please");

//connect to this db
mysql_select_db($database);
	
//get the posted values
$email = htmlspecialchars($_POST['login_name'], ENT_QUOTES);
$pass = $_POST['login_pass'];

//now validating username and password and status
$sql = 'SELECT * FROM `Users`'
	. ' WHERE `email` ="' . mysql_real_escape_string($email) . '"'
	. ' AND `password` = MD5("' . $pass . '") AND `active` = 1 LIMIT 1';
$result = mysql_query($sql);
$row = mysql_fetch_array($result);

//if username exists
if(mysql_num_rows($result) > 0)
{
	require('include/inc.const.php');

	//set the cookie to remember user if needed
	if ($_POST['remember'] === 'on') {
		setcookie('remember', $email . ':' . md5(md5($pass) . COOKIE_PASS . $email), time() + 60*60*24*30);// will set the cookie to expire in 30 days.
	}

	//now set the session from here if needed
	foreach ($row as $key => $value) {
		$_SESSION[$key] = $value;
	}

	//return json object
	echo '{'
			. '"status": 1,'
			. '"message": "Thanks, you are now logged in.",'
			. '"profile": {'
				. '"firstName": "' . $row['firstName'] . '",'
				. '"lastName": "' . $row['lastName'] . '",'
				. '"university": "' . $row['university'] . '",'
				. '"city": "' . $row['city'] . '"'
			. '}'
		. '}';
} else {
	echo '{"status": 0, "message": "Invalid username or password."}';//Invalid Login
}
	
?>